Commit 3948c20e authored by A. Koch's avatar A. Koch

add cors, auth0

parent ac9aacf9
......@@ -9,5 +9,19 @@
"url": "mongodb://localhost:27017/motionbank-api",
"dbName": "motionbank-api"
}
},
"auth": {
"jwks": {
"cache": true,
"rateLimit": true,
"jwksRequestsPerMinute": 5,
"jwksUri": "https://motionbank.eu.auth0.com/.well-known/jwks.json"
},
"jwt": {
"audience": "https://motionbank-api.herokuapp.com",
"issuer": "https://motionbank.eu.auth0.com/",
"algorithms": ["RS256"],
"credentialsRequired": false
}
}
}
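Review bot: `"credentialsRequired": false` under `auth.jwt` lets a request that carries no token pass the JWT middleware, and the route handlers shown in the service hunks never look at the decoded token. Unless a check exists outside the visible hunks, POST, PUT, PATCH and DELETE therefore stay open to anonymous callers. If writes are meant to be authenticated, set `"credentialsRequired": true`. To keep reads public instead, guard each write handler with something like `if (!req.user) return send(res, 401)` (`req.auth` on newer express-jwt releases).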
This diff is collapsed.
......@@ -4,7 +4,11 @@ const
polka = require('polka'),
Primus = require('primus'),
morgan = require('morgan'),
{ json } = require('body-parser')
cors = require('cors')({ origin: true }),
jwt = require('express-jwt'),
jwks = require('jwks-rsa'),
{ json } = require('body-parser'),
{ ObjectUtil } = require('mbjs-utils')
/**
* HTTP server
......@@ -42,8 +46,11 @@ const
Service = require('./service'),
app = polka({ server })
app.use(json())
app.use(morgan(process.env.NODE_ENV === 'production' ? 'common' : 'dev'))
const jwtCheck = jwt(ObjectUtil.merge({
secret: jwks.expressJwtSecret(config.get('auth.jwks'))
}, config.get('auth.jwt')))
app.use(cors, jwtCheck, json(), morgan(process.env.NODE_ENV === 'production' ? 'common' : 'dev'))
/**
* Configure resources
......@@ -51,6 +58,12 @@ app.use(morgan(process.env.NODE_ENV === 'production' ? 'common' : 'dev'))
const annotations = new Service('annotations', app, models.Annotation, winston)
annotations.on('message', message => primus.write(message))
const maps = new Service('maps', app, models.Map, winston)
maps.on('message', message => primus.write(message))
const documents = new Service('documents', app, models.Document, winston)
documents.on('message', message => primus.write(message))
/**
* Start server
*/
......
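Review bot: `morgan` is registered after `jwtCheck` in `app.use(cors, jwtCheck, json(), morgan(...))`, so a request rejected for a bad or expired token never reaches the logger and leaves no access-log line, assuming polka stops the chain when a middleware passes an error. Putting the logger first keeps failed authentication visible: `app.use(morgan(...), cors, jwtCheck, json())`. Separately, `require('cors')({ origin: true })` reflects whatever Origin the caller sends; an allowlist read from config would be tighter than accepting every origin. No handler for the middleware's unauthorized error is visible in these hunks, so the status returned for a bad token depends on polka's default error handling.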
......@@ -16,12 +16,12 @@ class Service extends TinyEmitter {
const _this = this
app.get(`/${this._name}.json`, async (req, res) => {
app.get(`/${this._name}`, async (req, res) => {
const results = await this.client.find(req.params.query || {}, req.params)
_this._response(req, res, results)
})
app.get(`/${this._name}/:id.json`, async (req, res) => {
app.get(`/${this._name}/:id`, async (req, res) => {
const result = await this.client.get(req.params.id, req.params)
if (result) {
const instance = new this.ModelConstructor(result, `${req.params.id}`)
......@@ -30,7 +30,7 @@ class Service extends TinyEmitter {
send(res, 404)
})
app.post(`/${this._name}.json`, async (req, res) => {
app.post(`/${this._name}`, async (req, res) => {
const
ctx = this,
data = req.body
......@@ -43,38 +43,42 @@ class Service extends TinyEmitter {
// TODO: allow for full array inserts instead just single requests
const instance = new this.ModelConstructor(data),
result = await this.client.create(instance, req.params)
instance.update(result)
instance.populate(result)
_this._response(req, res, instance)
})
app.put(`/${this._name}/:id.json`, async (req, res) => {
app.put(`/${this._name}/:id`, async (req, res) => {
const data = req.body
let result = await this.get(req.params.id)
let result = await this.client.get(req.params.id)
if (result) {
// TODO: transactions anyone?!
data.uuid = req.params.id
let instance = new this.ModelConstructor(data, req.params.id)
result = await this.client.update(req.params.id, instance, req.params)
instance = new this.ModelConstructor(result, req.params.id)
return _this._response(req, res, instance)
}
send(res, 404)
})
app.patch(`/${this._name}/:id.json`, async (req, res) => {
app.patch(`/${this._name}/:id`, async (req, res) => {
const data = req.body
let instance = await this.get(req.params.id)
if (instance) {
instance.update(data)
let existing = await this.client.get(req.params.id)
if (existing) {
let instance = new this.ModelConstructor(existing, req.params.id)
instance.populate(ObjectUtil.merge(instance.toObject(), data))
await this.client.update(req.params.id, instance, req.params)
return _this._response(req, res, instance)
}
send(res, 404)
})
app.delete(`/${this._name}/:id.json`, async (req, res) => {
const result = await this.client.remove(req.params.id, req.params)
if (result) {
return _this._response(req, res, result)
app.delete(`/${this._name}/:id`, async (req, res) => {
let existing = await this.client.get(req.params.id)
if (existing) {
const result = await this.client.remove(req.params.id, req.params)
if (result) {
return _this._response(req, res, existing)
}
}
send(res, 404)
})
......
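Review bot: In the PATCH handler the request body is merged straight into the stored object with `instance.populate(ObjectUtil.merge(instance.toObject(), data))`, so a client can overwrite any field, including `uuid`, which the PUT handler pins with `data.uuid = req.params.id`. Whether `ModelConstructor` re-applies the id from its second argument is not visible here, so adding `data.uuid = req.params.id` before the merge would make PATCH agree with PUT. If `ObjectUtil.merge` recurses into nested objects, keys such as `__proto__` and `constructor` in the body should be dropped before merging; its implementation is outside this page. The class body continues beyond the hunks shown.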